An aggregate of all of GoVanguard’s InfoSec & Cybersecurity related Posts, News, Threats and Data Feeds.

On March 29, 2021, US Customs and Border Protection (CBP) will publish in the Federal Register a notice of finding that certain disposable gloves produced in Malaysia with the use of convict, forced or indentured labor are being, or are likely to be, imported into the United States [CBP Dec. 21-08]. This Finding applies to any merchandise described in Section II of the notice that is imported on or after March 29, 2021. It also applies to merchandise which has already been imported and has not been released from CBP custody before March 29, 2021. The Secretary of Homeland Security has reviewed and approved this Finding.

Pursuant to 19 U.S.C. 1307 and 19 CFR 12.42(f), CBP determined that disposable gloves classified under Harmonized Tariff Schedule of the United States (HTSUS) subheadings 3926.20.1020, 4015.11.0150, 4015.19.0510, 4015.19.0550, 4015.19.1010, 4015.19.1050, and 4015.19.5000, which are mined, produced, or manufactured in whole or in part with the use of convict, forced, or indentured labor by Top Glove Corporation Bhd in Malaysia, are being, or are likely to be, imported into the United States. Based upon this determination, the port director may seize the covered merchandise for violation of 19 U.S.C. 1307 and commence forfeiture proceedings pursuant to 19 CFR part 162, subpart E, unless the importer establishes by satisfactory evidence that the merchandise was not produced in any part with the use of prohibited labor specified in this Finding.

The post United States: CBP issues forced labor finding on certain gloves appeared first on Global Compliance News.

Source

In brief

Please join us for a new weekly video series, hosted by Baker McKenzie’s North America Government Enforcement partners Tom Firestone and Jerome Tomas.

This weekly briefing is available on demand and will cover hot topics and current enforcement actions related to white collar crime and criminal investigations in the US and abroad to arm you with the information you need to start your business week.

As one of the largest global law firms, we will call upon our exceptionally deep and broad bench of white collar experts throughout the world and particularly in the commercial hubs of Europe, Asia, Africa and Latin America to join our weekly discussion series.

These briefings will cover:

  • High-profile DOJ case updates and implications
  • SEC enforcement developments
  • CFTC enforcement developments
  • Other white collar defense industry developments

  • 30 March 2021
  • 15 March 2021
  • 8 March 2021
  • 1 March 2021
  • 22 February 2021
  • 15 February 2021
  • 8 February 2021
  • 1 February 2021
  • 18 January 2021
  • 4 January 2021
  • 14 December 2020
  • 07 December 2020
  • 23 November 2020
  • 16 November 2020
  • 9 November 2020
  • 26 October 2020
  • 19 October 2020
  • 5 October 2020
  • 29 September 2020
  • 8 September 2020
  • 24 August 2020
  • 17 August 2020
  • 10 August 2020
  • 3 August 2020
  • 27 July 2020
  • 20 July 2020
  • 13 July 2020
  • 6 July 2020
  • 29 June 2020
  • 22 June 2020
  • 17 June 2020
  • 9 June 2020
  • 26 May 2020

The post United States: This Week in Government Enforcement appeared first on Global Compliance News.

Source

The BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads, researchers said. And in a secondary campaign aimed at consumers, the attackers have added a voice-call element to the attack chain.

The BazarLoader downloader, written in C++, has the primary function of downloading and executing additional modules. BazarLoader was first observed in the wild last April – and since then researchers have observed at least six variants, “signaling active and continued development.” It’s been recently seen being used as a staging malware for ransomware, particularly Ryuk. “With a focus on targets in large enterprises, BazarLoader could potentially be used to mount a subsequent ransomware attack,” according to an advisory from Sophos, issued on Thursday.

Cyberattackers Abuse Slack and BaseCamp

According to researchers at Sophos, in the first campaign spotted, adversaries are targeting employees of large organizations with emails that purport to offer important information related to contracts, customer service, invoices or payroll. “One spam sample even attempted to disguise itself as a notification that the employee had been laid off from their job,” according to Sophos. The links inside the emails are hosted on Slack…

Source

A kids’ game called “Jungle Run” that, until recently, was available in the Apple App store, was secretly a cryptocurrency-funded casino set up to scam people out of money.

Kosta Eleftheriou, who found the scam, is a tech entrepreneur and founder of the Apple Watch keyboard app FlickType who, it’s worth noting, is currently entangled in anti-trust litigation he filed against Apple in March. He’s also developed a popular cybersecurity side hustle tracking down malicious apps lurking in the iOS store. His latest discovery was that Jungle Run, which was marketed in the App Store as a game for ages 4+, transformed into a crypto-funded casino when he set his VPN to Turkey. He later discovered that the Jungle Run casino also worked when VPNs were set to Italy and Kazakhstan. He mused on Twitter whether it was available everywhere but the U.S. The same developer also had “Magical Forest Puzzle” on the app store, which used the same VPN trick to unlock a different casino.

“This @AppStore app pretends to be a silly platformer game for children 4+, but if I set my VPN to Turkey and relaunch it becomes an online casino that doesn’t even use Apple’s IAP. 🤯 pic.twitter.com/crnOOF0pNi” — Kosta Eleftheriou (@keleftheriou) April 15, 2021

After Eleftheriou went to the press with the discovery and Gizmodo was…

Source

By Bimal Sheth, HITRUST Vice President of Assurance Services

Under HITRUST Approach 2.0, our organization continues to pursue enhancements to the tools, solutions, and services that risk managers and information security professionals rely on every day to meet ever-evolving requirements and complexities.

As part of this ongoing commitment, the HITRUST CSF Assurance Program is always looking for ways to add efficiency and certainty during all phases of the assessment process. One such enhancement is our upcoming HITRUST Reservation System for submitting HITRUST CSF Validated Assessments. This initiative is also referred to as “Reservation-Based Quality Assurance” (RBQA).

In the past, the QA process was performed in the order in which assessments were submitted. The new Reservation System creates a more orderly process, allowing assessed entities and HITRUST Authorized External Assessor Organizations to schedule their resources and respond to HITRUST’s QA feedback. In addition, a confirmed reservation means the QA process begins closer to the submission date, which eliminates scheduling questions and guesswork.

Key Reservation System Highlights Include:

  1. Starting on July 1, 2021, a reservation will be required to submit a HITRUST CSF Validated Assessment. It’s important to note that HITRUST CSF Bridge, Interim, and Readiness Assessments are not included, meaning RBQA is not available for these types of assessments.
  2. Scheduling reservations within the HITRUST MyCSF platform is easy and streamlined; however, the knowledgeable Support team is available to help if needed.
  3. Reservations are made in one-week increment QA Blocks that contain reservation slots, which are tied to specific assessments.
  4. Expedited Reservations are available if needed, giving the opportunity to schedule QA sooner than would otherwise be available. To purchase an Expedited Reservation, contact your Customer Success Manager.

The new Reservation System for HITRUST CSF Validated Assessments allows the HITRUST community of customers and assessor organizations to schedule a specific starting date to begin the QA process, which enables better submission planning, greater predictability, and added trackability.

Interested in getting additional information on the Reservation System? You can consult the detailed Advisory.

For instructions on how to create a HITRUST CSF Validated Assessment reservation, review the step-by-step procedures in the Process Walkthrough within MyCSF.

The post Reservation System for Submitting HITRUST CSF Validated Assessments appeared first on HITRUST Alliance.

Source

The Feds are warning that nation-state actors are once again after U.S. assets, this time in a spate of cyberattacks that exploit five vulnerabilities that affect VPN solutions, collaboration-suite software and virtualization technologies. According to the U.S. National Security Agency (NSA), which issued an alert Thursday, the advanced persistent threat (APT) group known as APT29 (a.k.a. Cozy Bear or The Dukes) is conducting “widespread scanning and exploitation against vulnerable systems in an effort to obtain authentication credentials to allow further access.” The targets include U.S. and allied national-security and government networks, it added. The five bugs under active attack are known, fixed security holes in platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware (detailed below) that organizations should patch immediately, researchers warned. “Some of these vulnerabilities also have working Metasploit modules and are currently being widely exploited,” said researchers with Cisco Talos, in a related posting on Thursday. “Please note that some of these vulnerabilities exploit applications leveraging SSL. This means that users should enable SSL decryption…to detect exploitation of these vulnerabilities.” The NSA has linked APT29 to Russia’s Foreign Intelligence Services (SVR)….

Source

Recently, the public learned of multiple vulnerabilities (“ProxyLogon”) that impacted Microsoft’s on-premises Exchange Server, a software application used worldwide to manage communications between employees. Since then, many in the security industry have come to realize that attackers knew of these vulnerabilities up to two months before the announcement, based on current reports. In fact, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is advising entities to look for compromise dating back to September 1. Since the disclosure of these vulnerabilities, the severity of this situation has continued to worsen. It’s generally recognized that the number of potentially affected organizations is in the tens of thousands – and that’s only the U.S.-based organizations. Mandiant confirms that the scope of this attack extends beyond the United States and we expect the final tally to be higher than current estimates. It is rare that software so ubiquitous as Exchange Server suffers a quartet of severe, easy-to-exploit vulnerabilities. The gravity of this situation compounds when considering that most organizations using Exchange Server are likely small-to-medium (SMB) businesses with no, or a very small, in-house IT security staff, making it difficult to adequately respond to this situation. It is in this very fog that attackers have created an illegitimate multibillion-dollar industry that takes advantage of unknowing, unsuspecting and oft-uninformed organizations….

Source

Google Project Zero will now give organizations a 30-day grace period to patch zero-day flaws it discovers in a new disclosure policy revealed this week aimed at speeding up the time it takes for patches to be adopted. Known for discovering a number of high-profile zero days—in Google’s own products as well as those found in rival Apple’s software—Project Zero last year began revealing the technical details of flaws its researchers discovered 90 days after the initial vulnerability report. However, the research group is now changing this tactic slightly, saying it will delay disclosure of the technical details of the vulnerability until 30 days after a patch is issued if that patch is created within the 90-day period, according to a blog post by Project Zero’s Tim Willis posted Thursday. “Vendors will now have 90 days for patch development, and an additional 30 days for patch adoption,” he wrote. Moving to this so-called “90+30 model” will allow researchers and the industry as a whole to “decouple time to patch from patch adoption time, reduce the contentious debate around attacker/defender trade-offs and the sharing of technical details, while advocating to reduce the amount of time that end users are vulnerable to known attacks,” Willis explained. However, technical details of vulnerabilities that remained unpatched during the 90-day period after Project Zero discovers them still will be disclosed immediately after that grace period is up, according to the post. Project Zero…

Source

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggest the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.

Both Microsoft and FireEye published blog posts on Mar. 4 concerning a new backdoor found on high-value targets that were compromised by the SolarWinds attackers. FireEye refers to the backdoor as "Sunshuttle," whereas Microsoft calls it "GoldMax." FireEye says the Sunshuttle backdoor was named "Lexicon.exe," and had the unique file signatures or "hashes" of "9466c865f7498a35e4e1a8f48ef1dffd" (MD5) and "b9a2c986b6ad1eb4cfb0303baede906936fe96396f3cf490b0984a4798d741d8" (SHA-1). "In August 2020, a U.S.-based entity uploaded a new backdoor that we have named SUNSHUTTLE to a public malware repository," FireEye wrote.

[Image caption: The "Sunshuttle" or "GoldMax" backdoor, as identified by FireEye and Microsoft, respectively. Image: VirusTotal.com.]

A search in VirusTotal's malware repository shows that on Aug. 13, 2020 someone…

Source

In brief

Shelter-in-place or stay-at-home orders have been prevalent throughout the United States since March 2020 as state and local governments have sought to protect their citizens from the spread of the COVID-19 virus while at the same time reopen their economies in accordance with phased reopening plans. Keeping abreast of the evolving nature of these orders and plans as the spread of the virus continues to evolve is critical to the functioning of all businesses throughout the country.


Baker McKenzie has a team in place that has been advising clients real-time on these most critical issues since the first orders were enacted. We are pleased to provide this Tracker, which identifies the relevant state-wide shelter-in-place orders and their related expiration dates, as well as the applicable state-wide reopening plans, in each of the 50 United States plus Washington, D.C. The “What’s Open” table on each page highlights the reopening status of four major sectors (office, manufacturing, retail and bars/restaurants).

In addition, the Tracker includes links to the relevant quarantine requirements or recommendations for incoming travelers in each state plus Washington, D.C.

Key developments reflected in this week’s update to the Tracker include the following:

  • The following jurisdictions extended their state-wide orders and/or the duration of the current phase of their reopening plans: Georgia, Illinois, Indiana, Iowa, Kentucky, Louisiana, Mississippi, New Hampshire and Rhode Island.
  • The following jurisdictions eased restrictions and/or advanced to the next phase of their reopening plan: Georgia, Louisiana, New Jersey and Pennsylvania.
  • The Wisconsin Supreme Court struck down Governor Evers’ mask mandate and barred the Governor from issuing a mask mandate without approval of the state legislature. In addition, the Kansas state legislature rescinded Governor Kelly’s mask order.

You can also view our brochure which highlights key areas of expertise where we can support your business’s tracking and reopening plans. Please call or email your regular Baker McKenzie contact if you require additional analysis regarding these matters.

Last updated 2 April 2021


The post United States: 50 State Shelter-In-Place/Reopening Tracker appeared first on Global Compliance News.

Source